CVE-2017-2658
Dashbuilder: Lack of clickjacking protection on the login page
- Severity Score
- Exploit Likelihood
- Affected Versions
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).
It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).
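The condition described above is that the login page's HTTP response carries nothing that stops another origin from embedding it in an IFRAME. The check a reviewer runs against a patched deployment is therefore a header check. The script below is an added example, not code from this page, from Dashbuilder or from Red Hat: it parses a raw HTTP response (the shape `curl -si` prints for the login page URL) and decides, the way a current browser does, whether the page can be framed. The sample responses, the `/dashbuilder` cookie path and the `portal.example.com` origin are constructed for illustration. It also covers two ways a "fixed" deployment can still be frameable: an obsolete `X-Frame-Options: ALLOW-FROM`, which browsers ignore, and a permissive `frame-ancestors` directive, which takes precedence over a correct `X-Frame-Options` header.

```python
from dataclasses import dataclass
from typing import Mapping, Optional


@dataclass(frozen=True)
class FrameVerdict:
    frameable: bool   # True: a page on another origin can embed this response in an IFRAME
    mechanism: str    # "csp", "xfo" or "none": which header decided the verdict
    detail: str


def parse_raw_headers(raw_response: str) -> dict:
    """Turn a raw HTTP/1.1 response (e.g. `curl -si` output) into a lowercase name -> value dict.

    Repeated header lines are joined with ', ', which is how RFC 9110 lets them be combined
    and how a browser sees them when the server emits the same header twice.
    """
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers: dict = {}
    for line in head.split("\r\n")[1:]:      # [0] is the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def _csp_directive(policy: str, name: str) -> Optional[list]:
    """Return the source list of one CSP directive, or None if the policy lacks it."""
    for part in policy.split(";"):
        tokens = part.strip().split()
        if tokens and tokens[0].lower() == name:
            return [t.lower() for t in tokens[1:]]
    return None


def frame_verdict(headers: Mapping[str, str]) -> FrameVerdict:
    """Decide whether the response can be framed cross-origin, as a modern browser would."""
    h = {k.lower(): v for k, v in headers.items()}

    # CSP Level 2: when frame-ancestors is present, user agents ignore X-Frame-Options,
    # so a permissive CSP silently cancels a correct XFO header. Content-Security-Policy-
    # Report-Only is deliberately not consulted: it reports but never blocks.
    policy = h.get("content-security-policy")
    if policy is not None:
        sources = _csp_directive(policy, "frame-ancestors")
        if sources is not None:
            if sources == ["'none'"] or not sources:   # an empty source list also means 'none'
                return FrameVerdict(False, "csp", "frame-ancestors 'none'")
            if "*" in sources or any(s in ("http:", "https:") for s in sources):
                return FrameVerdict(True, "csp", "frame-ancestors permits any origin: " + " ".join(sources))
            return FrameVerdict(False, "csp", "frame-ancestors limited to: " + " ".join(sources))

    xfo = h.get("x-frame-options")
    if xfo is None:
        return FrameVerdict(True, "none", "no X-Frame-Options and no frame-ancestors directive")
    value = xfo.strip().upper()
    if value in ("DENY", "SAMEORIGIN"):
        return FrameVerdict(False, "xfo", f"X-Frame-Options: {value}")
    # ALLOW-FROM was never implemented by Chromium and was removed from Firefox; any other
    # token is invalid. In both cases browsers ignore the header and allow framing.
    return FrameVerdict(True, "xfo", f"X-Frame-Options ignored by browsers: {xfo}")


# Constructed sample responses for a Dashbuilder-style login page (not captured traffic).
_BASE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Set-Cookie: JSESSIONID=0123456789abcdef; Path=/dashbuilder; HttpOnly\r\n"
    "\r\n"
    "<html><body><form method=\"post\">...login form...</form></body></html>"
)


def _with(extra: str) -> str:
    """Insert extra header lines into _BASE just before the blank line ending the header block."""
    return _BASE.replace("\r\n\r\n", "\r\n" + extra + "\r\n\r\n", 1)


SAMPLES = {
    "unpatched":  _BASE,                                         # the CVE condition
    "xfo":        _with("X-Frame-Options: SAMEORIGIN"),
    "csp":        _with("Content-Security-Policy: frame-ancestors 'none'"),
    "obsolete":   _with("X-Frame-Options: ALLOW-FROM https://portal.example.com"),
    "overridden": _with("X-Frame-Options: DENY\r\n"
                        "Content-Security-Policy: default-src 'self'; frame-ancestors *"),
}


def check(raw_response: str) -> FrameVerdict:
    return frame_verdict(parse_raw_headers(raw_response))


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        v = check(raw)
        print(f"{name:10} frameable={str(v.frameable):5} via {v.mechanism:4} {v.detail}")
```

Run it as-is to see the five verdicts, or feed `check()` the output of `curl -si` against the login page of a real deployment. Only "unpatched", "obsolete" and "overridden" come back frameable; the first is the condition this CVE describes, the other two are how a fix that looks present on paper still leaves the page embeddable.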
CVSS Scores
SSVC
- Decision: -
Timeline
- 2016-12-01 CVE Reserved
- 2017-03-16 CVE Published
- 2023-12-18 EPSS Updated
- 2024-08-05 CVE Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
- (no date) First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (6)
URL | Tag | Date
---|---|---
http://www.securityfocus.com/bid/97025 | Third Party Advisory | 
http://rhn.redhat.com/errata/RHSA-2017-0557.html | | 2023-02-12
https://access.redhat.com/errata/RHSA-2018:2243 | | 2023-02-12
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2658 | | 2023-02-12
https://access.redhat.com/security/cve/CVE-2017-2658 | | 2018-07-23
https://bugzilla.redhat.com/show_bug.cgi?id=1433087 | | 2018-07-23
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Redhat | Jboss Bpm Suite | < 6.4.2 | - | Affected
Redhat | Jboss Data Virtualization & Services | < 6.4.3 | - | Affected